Encrypt Everything!

Jim Johnston is The Heartland Institute's senior fellow for energy and regulatory policy and a member of its Board of Directors. He retired in January 1993 from his position as senior economist at Amoco Corporation, whose Economics Department he joined in 1975. His primary responsibilities while at Amoco included the economic analysis of public policy issues and the hedging of corporate risk.Prior to his employment at Amoco, Mr. Johnston served as an economist with the RAND Corporation, the Institute for Defense Analyses, and the Secretary's Office of the U.S. Treasury. He served on the U.S. delegation to the United Nations Conference on the Law of the Sea.Mr. Johnston's current research has focused on electric utility deregulation in Illinois and other states; pollution trading under the climate change treaty, Clean Air Act, and the RECLAIM system for the South Coast Air District; and a general theory of regulation, published in the Cato Institute's Regulation magazine.

The continuing scandal regarding National Security Agency monitoring of U.S. citizens’ and residents’ electronic communications makes one thing perfectly clear: If anyone is going to protect the public from unwanted snooping, the government isn’t it.

On June 5, 2013 a trove of documents from the National Security Agency was released by NSA contractor Edward Snowden to Glenn Greenwald, Laura Poitras, and Bart Gellman and later published in part by The Guardian and the Washington Post.

The response was immediate. Many people were shocked but appreciated the information. Others were shocked but felt Snowden was a traitor and must be prosecuted for treason.

Among the punishment camp are the White House and the Department of Justice. In addition, the NSA itself is worried about the files not yet released by Snowden. Rick Ledgett, who heads the NSA’s task force on the Snowden leaks, recently told the CBS show 60 Minutes he would consider amnesty for Snowden if he would stop any additional leaks. An editorial by The New York Timesendorsed the idea.

Also endorsing clemency was Sen. Rand Paul, but the editorial board of TheWall Street Journal strongly opposed the idea on January 8, 2014.

An interesting implication of this difference of opinion is that the political gain from threatening prosecution of Snowden outweighs any potential damage resulting from the publication of the yet unleaked NSA documents. But Snowden no longer has the documents. They are in the hands of the reporters and under their exclusive control. So there is nothing for him to yield in exchange for clemency.

There is a basic question of how effective the NSA program has been in terms of improving national security. One need go no further for the answer than security and cryptography expert Bruce Schneier: “We have no evidence that any of this surveillance makes us safer. NSA Director General Keith Alexander responded to these stories in June by claiming that he disrupted 54 terrorist plots. In October, he revised that number downward to 13, and then to ‘one or two.’ At this point, the only ‘plot’ prevented was that of a San Diego man sending $8,500 to support a Somali militant group. We have been repeatedly told that these surveillance programs would have been able to stop 9/11, yet the NSA didn’t detect the Boston bombings—even though one of the two terrorists was on the watch list and the other had a sloppy social media trail. Bulk collection of data and metadata is an ineffective counterterrorism tool.”

Among the details identified by the Washington Post, there is one important omission on the White House’s part: “The NSA has not been ordered, as many had wanted, to avoid building ‘backdoors’ into software, a practice that critics say weakens encryption standards, or to stop exploiting flaws in software to conduct cyberattacks.”

Thus we have an environment where the NSA has discovered or created backdoors to the data of many large businesses and institutions. The mere existence of this program tells foreign and domestic hackers it might be easy for them to make their own assaults on private businesses.

Where will protection come from, then? The government? I doubt it. A partial answer is suggested by Bruce Schneier: Encrypt everything!